Privilege Escalation in Outline Document Management System by Outline
CVE-2025-64487

7.6HIGH

Key Information:

Vendor: Outline
Status: Outline
Vendor: CVE Published:; 11 February 2026

What is CVE-2025-64487?

A privilege escalation vulnerability exists in the Outline document management system prior to version 1.1.0 due to inconsistent authorization checks between user and group membership management endpoints. This oversight may allow unauthorized users to gain elevated privileges, compromising the security of the collaborative documentation process. The issue has been addressed in version 1.1.0, which implements stricter authorization validation to prevent exploitation.

Affected Version(s)

outline <= 1.0.1

References

https://github.com/outline/outline/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/outline/outline/releases/tag/v1.1.0

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2026
Vulnerability Reserved
Nov 5, 2025

CVE-2025-64487 Data

JSON